Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by
![]()
source https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
source https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html